package com.je.gateway.security;

import com.je.gateway.util.RedisUtil;
import org.apache.servicecomb.swagger.invocation.InvocationType;
import org.apache.servicecomb.swagger.invocation.Response;

public class PlatformInputSecurityValidatorFactory {

    public static boolean validatorSpecialCharacter(String name,String value){
        PlatformInputSecurityHandler platformInputSecurityHandler = new PlatformSpecialCharacterInputSecurityHandler();
        return platformInputSecurityHandler.valid(name,value);
    }

    public static boolean validScript(String name,String value){
        PlatformInputSecurityHandler platformInputSecurityHandler = new PlatformScriptInputSecurityHandler();
        return platformInputSecurityHandler.valid(name,value);
    }

    public static Response validatorCharacter(String name, String value){
        //是否开启防SQL注入
        Object sqlInjectionValue = RedisUtil.getHash("systemDecryptCache", "OPEN_ANTI_SQL_INJECTION");
        String isOpenSqlInjection = sqlInjectionValue==null?"":sqlInjectionValue.toString();
        if("1".equals(isOpenSqlInjection)&&validatorSpecialCharacter(name,value)){
            return Response.createFail(InvocationType.PRODUCER,String.format("字段【%s】的值【%s】存在SQL注入风险，请排查！",name,value));
        }
        //是否开启防XSS攻击
        Object xxlAttackValue = RedisUtil.getHash("systemDecryptCache", "OPEN_ANTI_XSS_ATTACK");
        String isOpenXxlAttack = xxlAttackValue==null?"":xxlAttackValue.toString();
        if("1".equals(isOpenXxlAttack)&&validScript(name,value)){
            return Response.createFail(InvocationType.PRODUCER,String.format("字段【%s】的值【%s】存在XSS攻击风险，请排查！",name,value));
        }
        return null;
    }

}
